Merge pull request #1937 from pdrozd/ssl-required

Support for testing ssl-required.
Pavel Drozd 2015-12-11 15:28:38 +01:00
commit 35f8e3c19f
22 changed files with 473 additions and 10 deletions


@ -179,6 +179,67 @@
</plugins>
</build>
</profile>
<profile>
<id>ssl</id>
<activation>
<property>
<name>auth.server.ssl.required</name>
</property>
</activation>
<build>
<plugins>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>xml-maven-plugin</artifactId>
<executions>
<execution>
<id>configure-adapter-subsystem-security</id>
<phase>process-resources</phase>
<goals>
<goal>transform</goal>
</goals>
<configuration>
<transformationSets>
<transformationSet>
<dir>${keycloak.server.home}/standalone/configuration</dir>
<includes>
<include>standalone.xml</include>
</includes>
<stylesheet>src/main/xslt/security.xsl</stylesheet>
<outputDir>${keycloak.server.home}/standalone/configuration</outputDir>
</transformationSet>
</transformationSets>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<artifactId>maven-resources-plugin</artifactId>
<version>2.7</version>
<executions>
<execution>
<id>copy-keystore</id>
<phase>process-resources</phase>
<goals>
<goal>copy-resources</goal>
</goals>
<configuration>
<outputDirectory>${keycloak.server.home}/standalone/configuration</outputDirectory>
<resources>
<resource>
<directory>src/main/keystore</directory>
<includes>
<include>keycloak.jks</include>
<include>keycloak.truststore</include>
</includes>
</resource>
</resources>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
</profiles>
</project>
</project>
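Review bot: The `ssl` profile's `<activation>` names the property `auth.server.ssl.required` without a `<value>`, so Maven activates the profile whenever that property is defined on the command line, including `-Dauth.server.ssl.required=false`. In that case standalone.xml is still transformed by security.xsl and the keystores are copied, while the Java side of this commit parses the same property as a boolean and keeps using http URLs. Adding `<value>true</value>` after the `<name>` line keeps the build and the test code in step. The same activation block appears in the other three `ssl` profiles on this page, two of them keyed on `app.server.ssl.required`.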


@ -0,0 +1,34 @@
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:xalan="http://xml.apache.org/xalan"
xmlns:j="urn:jboss:domain:1.7"
xmlns:w="urn:jboss:domain:web:2.2"
version="2.0"
exclude-result-prefixes="xalan j ds k sec">
<xsl:param name="config"/>
<xsl:output method="xml" version="1.0" encoding="UTF-8" indent="yes" xalan:indent-amount="4" standalone="no"/>
<xsl:strip-space elements="*"/>
<xsl:template match="//w:connector[@name='http']">
<xsl:copy-of select="."/>
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
<ssl name="https" password="secret" certificate-key-file="${{jboss.server.config.dir}}/keycloak.jks"/>
</connector>
</xsl:template>
<xsl:template match="//j:extensions">
<xsl:copy-of select="."/>
<system-properties>
<property name="javax.net.ssl.trustStore" value="${{jboss.server.config.dir}}/keycloak.truststore"/>
<property name="javax.net.ssl.trustStorePassword" value="secret"/>
</system-properties>
</xsl:template>
<xsl:template match="@*|node()">
<xsl:copy>
<xsl:apply-templates select="@*|node()" />
</xsl:copy>
</xsl:template>
</xsl:stylesheet>
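Review bot: The `j:extensions` template sets `javax.net.ssl.trustStore` as a server-wide system property, which replaces the JVM's default trust store for every outbound TLS connection the server makes, so any peer whose certificate does not chain to an entry in keycloak.truststore will fail the handshake. The stylesheet also writes the store password `secret` literally into standalone.xml, for key material that the pom copies from src/main/keystore. Neither is explained in the file; a header comment such as `<!-- Test-only TLS setup: keycloak.jks, keycloak.truststore and the password "secret" are fixtures for the ssl-required tests and are not meant for use outside the testsuite. -->` would make the scope explicit. The other three security.xsl files added on this page share both traits.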


@ -225,6 +225,68 @@
</plugins>
</build>
</profile>
<profile>
<id>ssl</id>
<activation>
<property>
<name>auth.server.ssl.required</name>
</property>
</activation>
<build>
<plugins>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>xml-maven-plugin</artifactId>
<executions>
<execution>
<id>configure-adapter-subsystem-security</id>
<phase>process-resources</phase>
<goals>
<goal>transform</goal>
</goals>
<configuration>
<transformationSets>
<transformationSet>
<dir>${keycloak.server.home}/standalone/configuration</dir>
<includes>
<include>standalone.xml</include>
</includes>
<stylesheet>src/main/xslt/security.xsl</stylesheet>
<outputDir>${keycloak.server.home}/standalone/configuration</outputDir>
</transformationSet>
</transformationSets>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<artifactId>maven-resources-plugin</artifactId>
<version>2.7</version>
<executions>
<execution>
<id>copy-keystore</id>
<phase>process-resources</phase>
<goals>
<goal>copy-resources</goal>
</goals>
<configuration>
<outputDirectory>${keycloak.server.home}/standalone/configuration</outputDirectory>
<resources>
<resource>
<directory>src/main/keystore</directory>
<includes>
<include>keycloak.jks</include>
<include>keycloak.truststore</include>
</includes>
</resource>
</resources>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
<profile>
<id>jpa</id>
<properties>
@ -368,5 +430,4 @@
</build>
</profile>
</profiles>
</project>


@ -0,0 +1,55 @@
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:xalan="http://xml.apache.org/xalan"
xmlns:j="urn:jboss:domain:3.0"
xmlns:ds="urn:jboss:domain:datasources:3.0"
xmlns:k="urn:jboss:domain:keycloak:1.1"
xmlns:sec="urn:jboss:domain:security:1.2"
xmlns:u="urn:jboss:domain:undertow:2.0"
version="2.0"
exclude-result-prefixes="xalan j ds k sec">
<xsl:param name="config"/>
<xsl:output method="xml" version="1.0" encoding="UTF-8" indent="yes" xalan:indent-amount="4" standalone="no"/>
<xsl:strip-space elements="*"/>
<xsl:template match="//j:security-realms">
<xsl:copy>
<xsl:apply-templates select="node()[name(.)='security-realm']"/>
<security-realm name="UndertowRealm">
<server-identities>
<ssl>
<keystore path="keycloak.jks" relative-to="jboss.server.config.dir" keystore-password="secret"/>
</ssl>
</server-identities>
</security-realm>
</xsl:copy>
</xsl:template>
<xsl:template match="//u:http-listener">
<http-listener name="default" socket-binding="http" redirect-socket="proxy-https" proxy-address-forwarding="true"/>
</xsl:template>
<xsl:template match="//u:host">
<https-listener name="https" socket-binding="proxy-https" security-realm="UndertowRealm"/>
<xsl:copy-of select="."/>
</xsl:template>
<xsl:template match="//j:socket-binding[@name='http']">
<xsl:copy-of select="."/>
<socket-binding name="proxy-https" port="8443"/>
</xsl:template>
<xsl:template match="//j:extensions">
<xsl:copy-of select="."/>
<system-properties>
<property name="javax.net.ssl.trustStore" value="${{jboss.server.config.dir}}/keycloak.truststore"/>
<property name="javax.net.ssl.trustStorePassword" value="secret"/>
</system-properties>
</xsl:template>
<xsl:template match="@*|node()">
<xsl:copy>
<xsl:apply-templates select="@*|node()" />
</xsl:copy>
</xsl:template>
</xsl:stylesheet>
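Review bot: The replacement `http-listener` sets `proxy-address-forwarding="true"`, which makes Undertow take the client address and scheme from `X-Forwarded-*` request headers. Nothing on this page shows a reverse proxy in front of that listener, so a plain-HTTP request carrying a forwarded-scheme header may be treated as secure, and an ssl-required test could then pass without TLS being exercised. If forwarding is not needed for these tests, the element can be `<http-listener name="default" socket-binding="http" redirect-socket="proxy-https"/>`. The template also replaces every `u:http-listener` with this fixed element and so discards whatever attributes the original carried; the second `urn:jboss:domain:3.0` stylesheet further down the page is identical on both counts.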


@ -4,7 +4,7 @@
<parent>
<groupId>org.keycloak.testsuite</groupId>
<artifactId>integration-arquillian-tests-adapters</artifactId>
<version>1.7.0.Final-SNAPSHOT</version>
<version>1.8.0.CR1-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
@ -131,5 +131,71 @@
</plugins>
</build>
</profile>
</profiles>
<profile>
<id>ssl</id>
<activation>
<property>
<name>app.server.ssl.required</name>
</property>
</activation>
<build>
<plugins>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>xml-maven-plugin</artifactId>
<executions>
<execution>
<id>configure-adapter-subsystem-security</id>
<phase>process-resources</phase>
<goals>
<goal>transform</goal>
</goals>
<configuration>
<transformationSets>
<transformationSet>
<dir>${app.server.eap6.home}/standalone/configuration</dir>
<includes>
<include>standalone.xml</include>
</includes>
<stylesheet>src/main/xslt/security.xsl</stylesheet>
<outputDir>${app.server.eap6.home}/standalone/configuration</outputDir>
</transformationSet>
</transformationSets>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<artifactId>maven-resources-plugin</artifactId>
<version>2.7</version>
<executions>
<execution>
<id>copy-keystore</id>
<phase>process-resources</phase>
<goals>
<goal>copy-resources</goal>
</goals>
<configuration>
<outputDirectory>${app.server.eap6.home}/standalone/configuration</outputDirectory>
<resources>
<resource>
<directory>src/main/keystore</directory>
<includes>
<include>adapter.jks</include>
<include>keycloak.truststore</include>
</includes>
</resource>
</resources>
<nonFilteredFileExtensions>
<nonFilteredFileExtension>jks</nonFilteredFileExtension>
<nonFilteredFileExtension>truststore</nonFilteredFileExtension>
</nonFilteredFileExtensions>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
</profiles>
</project>


@ -0,0 +1,34 @@
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:xalan="http://xml.apache.org/xalan"
xmlns:j="urn:jboss:domain:1.7"
xmlns:w="urn:jboss:domain:web:2.2"
version="2.0"
exclude-result-prefixes="xalan j ds k sec">
<xsl:param name="config"/>
<xsl:output method="xml" version="1.0" encoding="UTF-8" indent="yes" xalan:indent-amount="4" standalone="no"/>
<xsl:strip-space elements="*"/>
<xsl:template match="//w:connector[@name='http']">
<xsl:copy-of select="."/>
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
<ssl name="https" password="secret" certificate-key-file="${{jboss.server.config.dir}}/adapter.jks"/>
</connector>
</xsl:template>
<xsl:template match="//j:extensions">
<xsl:copy-of select="."/>
<system-properties>
<property name="javax.net.ssl.trustStore" value="${{jboss.server.config.dir}}/keycloak.truststore"/>
<property name="javax.net.ssl.trustStorePassword" value="secret"/>
</system-properties>
</xsl:template>
<xsl:template match="@*|node()">
<xsl:copy>
<xsl:apply-templates select="@*|node()" />
</xsl:copy>
</xsl:template>
</xsl:stylesheet>
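Review bot: `exclude-result-prefixes="xalan j ds k sec"` lists `ds`, `k` and `sec`, none of which is declared on this `xsl:stylesheet` element, while the declared `w` prefix is not excluded. XSLT treats an unbound prefix in that attribute as an error, and processors differ in whether they reject or tolerate it, so the transform may depend on which processor the build picks up. `exclude-result-prefixes="xalan j w"` matches the namespaces actually declared here. The first stylesheet on this page (same `urn:jboss:domain:1.7` namespaces) carries the same attribute, and the two `urn:jboss:domain:3.0` stylesheets declare `u` without excluding it.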


@ -15,8 +15,10 @@
<properties>
<app.server.port.offset>200</app.server.port.offset>
<app.server.http.port>8280</app.server.http.port>
<app.server.https.port>8643</app.server.https.port>
<app.server.management.port>10190</app.server.management.port>
<app.server.management.port.jmx>10199</app.server.management.port.jmx>
<app.server.ssl.required>false</app.server.ssl.required>
<adapter.test.props>-Dapp.server.base.url=http://localhost:${app.server.http.port} -Dmy.host.name=localhost</adapter.test.props>
<exclude.adapters>-</exclude.adapters>
@ -91,9 +93,11 @@
<app.server.port.offset>${app.server.port.offset}</app.server.port.offset>
<app.server.http.port>${app.server.http.port}</app.server.http.port>
<app.server.https.port>${app.server.https.port}</app.server.https.port>
<app.server.management.port>${app.server.management.port}</app.server.management.port>
<app.server.management.port.jmx>${app.server.management.port.jmx}</app.server.management.port.jmx>
<app.server.ssl.required>${app.server.ssl.required}</app.server.ssl.required>
<adapter.test.props>${adapter.test.props}</adapter.test.props>
<adapter.libs.mode>bundled</adapter.libs.mode>


@ -130,5 +130,71 @@
</plugins>
</build>
</profile>
<profile>
<id>ssl</id>
<activation>
<property>
<name>app.server.ssl.required</name>
</property>
</activation>
<build>
<plugins>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>xml-maven-plugin</artifactId>
<executions>
<execution>
<id>configure-adapter-subsystem-security</id>
<phase>process-resources</phase>
<goals>
<goal>transform</goal>
</goals>
<configuration>
<transformationSets>
<transformationSet>
<dir>${app.server.wildfly.home}/standalone/configuration</dir>
<includes>
<include>standalone.xml</include>
</includes>
<stylesheet>src/main/xslt/security.xsl</stylesheet>
<outputDir>${app.server.wildfly.home}/standalone/configuration</outputDir>
</transformationSet>
</transformationSets>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<artifactId>maven-resources-plugin</artifactId>
<version>2.7</version>
<executions>
<execution>
<id>copy-keystore</id>
<phase>process-resources</phase>
<goals>
<goal>copy-resources</goal>
</goals>
<configuration>
<outputDirectory>${app.server.wildfly.home}/standalone/configuration</outputDirectory>
<resources>
<resource>
<directory>src/main/keystore</directory>
<includes>
<include>adapter.jks</include>
<include>keycloak.truststore</include>
</includes>
</resource>
</resources>
<nonFilteredFileExtensions>
<nonFilteredFileExtension>jks</nonFilteredFileExtension>
<nonFilteredFileExtension>truststore</nonFilteredFileExtension>
</nonFilteredFileExtensions>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
</profiles>
</project>


@ -0,0 +1,55 @@
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:xalan="http://xml.apache.org/xalan"
xmlns:j="urn:jboss:domain:3.0"
xmlns:ds="urn:jboss:domain:datasources:3.0"
xmlns:k="urn:jboss:domain:keycloak:1.1"
xmlns:sec="urn:jboss:domain:security:1.2"
xmlns:u="urn:jboss:domain:undertow:2.0"
version="2.0"
exclude-result-prefixes="xalan j ds k sec">
<xsl:param name="config"/>
<xsl:output method="xml" version="1.0" encoding="UTF-8" indent="yes" xalan:indent-amount="4" standalone="no"/>
<xsl:strip-space elements="*"/>
<xsl:template match="//j:security-realms">
<xsl:copy>
<xsl:apply-templates select="node()[name(.)='security-realm']"/>
<security-realm name="UndertowRealm">
<server-identities>
<ssl>
<keystore path="adapter.jks" relative-to="jboss.server.config.dir" keystore-password="secret"/>
</ssl>
</server-identities>
</security-realm>
</xsl:copy>
</xsl:template>
<xsl:template match="//u:http-listener">
<http-listener name="default" socket-binding="http" redirect-socket="proxy-https" proxy-address-forwarding="true"/>
</xsl:template>
<xsl:template match="//u:host">
<https-listener name="https" socket-binding="proxy-https" security-realm="UndertowRealm"/>
<xsl:copy-of select="."/>
</xsl:template>
<xsl:template match="//j:socket-binding[@name='http']">
<xsl:copy-of select="."/>
<socket-binding name="proxy-https" port="8443"/>
</xsl:template>
<xsl:template match="//j:extensions">
<xsl:copy-of select="."/>
<system-properties>
<property name="javax.net.ssl.trustStore" value="${{jboss.server.config.dir}}/keycloak.truststore"/>
<property name="javax.net.ssl.trustStorePassword" value="secret"/>
</system-properties>
</xsl:template>
<xsl:template match="@*|node()">
<xsl:copy>
<xsl:apply-templates select="@*|node()" />
</xsl:copy>
</xsl:template>
</xsl:stylesheet>


@ -249,13 +249,19 @@ public class ContainersTestEnricher {
public static String getAuthServerContextRootFromSystemProperty() {
// TODO find if this can be extracted from ARQ metadata instead of System properties
return "http://localhost:" + Integer.parseInt(
System.getProperty("auth.server.http.port", "8180"));
boolean sslRequired = Boolean.parseBoolean(System.getProperty("auth.server.ssl.required"));
if (sslRequired) {
return "https://localhost:" + Integer.parseInt(System.getProperty("auth.server.https.port", "8543"));
}
return "http://localhost:" + Integer.parseInt(System.getProperty("auth.server.http.port", "8180"));
}
public static String getAppServerContextRootFromSystemProperty() {
return "http://localhost:" + Integer.parseInt(
System.getProperty("app.server.http.port", "8280"));
boolean sslRequired = Boolean.parseBoolean(System.getProperty("app.server.ssl.required"));
if (sslRequired) {
return "https://localhost:" + Integer.parseInt(System.getProperty("app.server.https.port", "8643"));
}
return "http://localhost:" + Integer.parseInt(System.getProperty("app.server.http.port", "8280"));
}
}
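Review bot: Both context-root methods read the `*.ssl.required` flag with `Boolean.parseBoolean`, which accepts any casing, while DeploymentArchiveProcessor and AbstractAdapterTest in this same commit test the same properties with `"true".equals(...)`. With `-Dauth.server.ssl.required=TRUE` the context root here becomes https, but `setSslRequired("all")` is never applied to the realm. Using `Boolean.parseBoolean(System.getProperty("auth.server.ssl.required"))` (and the `app.server` equivalent) in all four places, or one shared helper, removes the mismatch. The class body starts outside this hunk, so any existing helper for reading these properties is not visible here.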


@ -74,6 +74,9 @@ public class DeploymentArchiveProcessor implements ApplicationArchiveProcessor {
adapterConfig.setAuthServerUrl(getAuthServerContextRootFromSystemProperty() + "/auth");
adapterConfig.setRealmKey(REALM_KEY);
}
if ("true".equals(System.getProperty("app.server.ssl.required"))) {
adapterConfig.setSslRequired("all");
}
archive.add(new StringAsset(JsonSerialization.writeValueAsPrettyString(adapterConfig)),
adapterConfigPath);


@ -22,6 +22,8 @@ public class URLProvider extends URLResourceProvider {
public static final String LOCALHOST_ADDRESS = "127.0.0.1";
public static final String LOCALHOST_HOSTNAME = "localhost";
private final boolean appServerSslRequired = Boolean.parseBoolean(System.getProperty("app.server.ssl.required"));
@Inject
Instance<TestContext> testContext;
@ -36,6 +38,9 @@ public class URLProvider extends URLResourceProvider {
try {
url = fixLocalhost(url);
url = removeTrailingSlash(url);
if (appServerSslRequired) {
url = fixSsl(url);
}
} catch (MalformedURLException ex) {
log.log(Level.FATAL, null, ex);
}
@ -67,6 +72,12 @@ public class URLProvider extends URLResourceProvider {
return fixedUrl;
}
public URL fixSsl(URL url) throws MalformedURLException {
URL fixedUrl = url;
String urlString = fixedUrl.toExternalForm().replace("http", "https").replace(System.getProperty("app.server.http.port", "8280"), System.getProperty("app.server.https.port", "8643"));
return new URL(urlString);
}
public URL removeTrailingSlash(URL url) throws MalformedURLException {
URL urlWithoutSlash = url;
String urlS = url.toExternalForm();
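Review bot: `fixSsl` rewrites the URL by plain string replacement, so `replace("http", "https")` touches every occurrence of `http` (an already-https URL becomes `httpss://…`, and a path or query containing `http` is altered), and the port replacement hits the digits `8280` wherever they occur in the string. Building the URL from its parts avoids both: `int port = url.getPort() == httpPort ? httpsPort : url.getPort();` followed by `return new URL("https", url.getHost(), port, url.getFile());`, with `httpPort` and `httpsPort` parsed from the two system properties. The local `fixedUrl` is then unnecessary. The body of `removeTrailingSlash` continues past the end of the last hunk.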


@ -49,6 +49,9 @@ public abstract class AbstractAdapterTest extends AbstractAuthTest {
modifyClientRedirectUris(tr, "^(/.*/\\*)", appServerContextRootPage.toString() + "$1");
modifyClientUrls(tr, "^(/.*)", appServerContextRootPage.toString() + "$1");
}
if ("true".equals(System.getProperty("auth.server.ssl.required"))) {
tr.setSslRequired("all");
}
}
}


@ -24,8 +24,10 @@
<auth.server.container>auth-server-undertow</auth.server.container>
<auth.server.port.offset>100</auth.server.port.offset>
<auth.server.http.port>8180</auth.server.http.port>
<auth.server.https.port>8543</auth.server.https.port>
<auth.server.management.port>10090</auth.server.management.port>
<auth.server.management.port.jmx>10099</auth.server.management.port.jmx>
<auth.server.ssl.required>false</auth.server.ssl.required>
<startup.timeout.sec>60</startup.timeout.sec>
<browser>phantomjs</browser>
@ -84,8 +86,10 @@
<auth.server.undertow>true</auth.server.undertow>
<auth.server.port.offset>${auth.server.port.offset}</auth.server.port.offset>
<auth.server.http.port>${auth.server.http.port}</auth.server.http.port>
<auth.server.https.port>${auth.server.https.port}</auth.server.https.port>
<auth.server.management.port>${auth.server.management.port}</auth.server.management.port>
<auth.server.management.port.jmx>${auth.server.management.port.jmx}</auth.server.management.port.jmx>
<auth.server.ssl.required>${auth.server.ssl.required}</auth.server.ssl.required>
<startup.timeout.sec>${startup.timeout.sec}</startup.timeout.sec>
</systemPropertyVariables>
<properties>